Cybersecurity Architect

JOB DESCRIPTION

The Cybersecurity Architect defines and governs the end-to-end security architecture for TASMU Platform 2.0 and its vendor-delivered capabilities, ensuring secure-by-design implementation across cloud-agnostic deployments. The role establishes security standards, reference architectures, and assurance processes covering identity, network segmentation, application security, data protection, and operational security monitoring. Working with MCIT, Ooredoo, vendors, and TASMU operations, the architect drives threat modeling, security controls validation, and compliance evidence readiness, including SIEM/SOAR integration, vulnerability management, and incident response procedures. The role ensures consistent security posture across multi-tenant environments and across Azure and any connected clouds.

DUTIES & RESPONSIBILITIES

• Define TASMU 2.0 security reference architecture and baseline controls for cloud, Kubernetes, applications, and data services.
• Lead security governance: security design reviews, threat modeling, security exceptions, and risk acceptance processes.
• Define identity and access controls (Entra ID, RBAC, PIM/JIT, conditional access, service principals, secrets management).
• Design network security architecture (segmentation/trust zones, private endpoints, WAF, egress controls, firewall policies).
• Establish application security standards (OWASP, secure SDLC, SAST/DAST, dependency/SBOM, container image signing).
• Define data security controls (classification, encryption/CMK/HSM, DLP, key management, retention, secure deletion).
• Own security monitoring requirements and integrations: Defender for Cloud (CSPM/CWPP), Sentinel (SIEM), SOAR playbooks, alert tuning.
• Define vulnerability management and patching processes for OS/K8s/runtime components, including SLA targets and reporting.
• Support incident response readiness: runbooks, tabletop exercises, forensic logging, evidence handling, and post-incident improvements.
• Provide assurance of vendor deliverables and go-live readiness (pen test coordination, remediation validation, compliance evidence packs).

SKILLS & ABILITIES

• Deep understanding of cloud security architecture, zero-trust networking, and Kubernetes/container security.
• Strong capability in IAM design and privileged access governance in regulated environments.
• Ability to translate risk and compliance requirements into practical technical controls and acceptance criteria.
• Experience implementing security monitoring, detection engineering, and incident response processes.
• Strong stakeholder influence and ability to enforce standards across multiple vendors and teams.

POTENTIAL BACKGROUND

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, a Master’s degree is highly preferred
• 8+ years in cybersecurity architecture or security engineering roles in government, telco, finance, or critical infrastructure.
• Hands-on experience securing Azure and at least one other cloud (GCP/AWS), including hybrid connectivity and shared responsibility.
• Proven experience with SIEM (Microsoft Sentinel preferred) and CSPM/CWPP (Defender for Cloud preferred).
• Experience with secure SDLC, vulnerability management, penetration testing coordination, and remediation programs.
• Relevant certifications preferred (CISSP/CCSP, CISM, Azure Security Engineer, CKA/CKS, ISO 27001 awareness).

PREFERRED TOOLS / SOFT SKILLS

Preferred tools:

• Security posture & SIEM: Microsoft Defender for Cloud, Microsoft Sentinel, SOAR playbooks
• Container/K8s security: image scanning (Trivy/Anchore), policy-as-code (OPA/Gatekeeper), cosign/Sigstore, Kubernetes audit tools
• Identity & secrets: Azure Entra ID, PIM, Key Vault/KMS/HSM, PAM tooling

Soft skills:

• Risk-based decision-making and ability to articulate trade-offs clearly
• Strong facilitation of threat modeling and security design reviews
• Clear, structured documentation and compliance evidence mindset
• Calm, decisive leadership during incidents and high-pressure situations
• Collaborative approach that enables delivery while maintaining security standards

Job Type: Permanent

Pay: Up to QAR20,000.00 per month